Build cache credentials are reflected in administration screens
Affected product(s)
- Gradle Enterprise < 2018.5.2
- Gradle Enterprise Build Cache Node < 5.2
Severity
High
Published at
2019-04-22
Related CVE ID(s)
Description
The cache node administration page available via Gradle Enterprise, and individual Build Cache Node servers, reflects the credentials used by users to access the cache via the HTTP interface.
Mitigation
Upgrade to Gradle Enterprise 2020.5.2 and/or Build Cache Node 5.2.